
Spyware.Virtumonde HJT log [CLOSED]

JoKeR

Posted 24 September 2005 - 03:55 PM

I have followed the advice that you guys gave to other people about winfixer (with VundoFix) but that did not work for me. I mean I downloaded VundoFix and ran it in safe mode but after pressing enter, F6, enter; nothing happened and the second filepath message never showed up. So could somebody help me with getting rid of WinFixer, please?

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat.

You will first be presented with a warning.
It should look like this

VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.

Next you will see:

Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\AppPatch\abrmp3.dll

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Next you will see:

Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\AppPatch\3pmrba.*

Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

JoKeR

Posted 26 September 2005 - 07:35 PM

First of all, thank you very much UK Biker for your reply. But I can't seem to get my machine to boot up in safe mode; the "Safe Mode" text loads up in four corners but I'm just getting a black screen. I can still move my mouse though. Also here is a fresh HJT log:

ukbiker

Posted 26 September 2005 - 07:44 PM

ukbiker

Posted 26 September 2005 - 07:52 PM

Rest in Peace, ukbiker

Hi There

OK, this Safe Mode issue has cropped up a few times recently.

Try this procedure:

When you come to the point where the black screen appears and the text "safe mode" is displayed in the corners, open the Task Manager (Ctrl+Alt+Del) and find "explorer.exe". Click on it in the list and click "Terminate". This will probably take several minutes.
Once Explorer is terminated, navigating with the mouse will be easy, however you will have a desktop without icons.

Now, remember where you installed the "VundoFix". Open the Task Manager again, and click "File>Run" in the toolbar. Type in the filepath to the VundoFix in the scrollbar and hit enter.
The default location of the VundoFix is here:
C:\Documents and Settings\YOUR USERNAME\Desktop\VundoFix\KillVundo.bat
Replace "your username" with your actual one.
Then click "ok" and if everything works as planned, you will now be able to run the VundoFix and go on with the procedure I already posted.

Since you can't navigate via Explorer during this operation, it's important that you print those instructions, both the ones here and the entire cleaning procedure for the Vundo.

JoKeR

Posted 26 September 2005 - 08:07 PM

Well, there were two problems. First was that there was nothing running in "Tasks", so I started up KillVundo through "Create New Task" -> Browse. Second problem was, as stated above, once I typed in "C:\WINDOWS\AppPatch\abrmp3.dll" and hit Enter, F6, Enter, nothing happened. So I just restarted and tried again; same thing.